Year after year, cybersecurity threat reports reveal that—despite our greatest fears—the most serious cyber risks come not from dangerous hackers or state-based cyber espionage, but from insider threats. That’s right, the most serious cybersecurity risks come from our own colleagues, partners, contractors and team members.
While no one should minimize the damage that hackers and state-affiliated agents can do to the federal government, the likelihood that our trusted partners will expose our data and systems to unacceptable risk, with significant ramifications, is high. The truth is, as much as you enjoy working with many of your colleagues, some of their behaviors may put your agency’s sensitive data at risk.
- The Careless Worker who misuses assets. Employees or partners who misappropriate resources, break acceptable use policies, mishandle data, install unauthorized applications and use unapproved workarounds. Their actions are inappropriate rather than malicious, and many fall within the world of Shadow IT (i.e., outside of IT knowledge and management).
- The Inside Agent who steals information on behalf of outsiders. Insiders recruited, solicited or bribed by external parties to exfiltrate data.
- The Disgruntled Employee who destroys property. Insiders who seek to harm their organization via destruction of data or disruption of operations.
- The Malicious Insider who steals for personal gain. Actors with access to agency assets who use existing privileges to access information for personal gain.
- The Feckless Third Party who accidentally compromises security. Business partners who compromise security through negligence, misuse, or malicious access to or use of an asset.
According to John Grim of the Verizon Threat Research Advisory Center's Investigative Response Team, identifying an insider threat is as much about observing human behavior as it is about watching sensors and responding to alerts. “Indicators of risky insider behavior can include factors such as attempts to access information outside of normal job functions, working late hours for no required work reason, or concealing foreign contacts, travels or financial connections,” shared Grim. While no single behavior or activity, or even two or three, is definitively indicative of an insider threat, it’s important to pay attention to patterns or changes in behavior. This matters in particular when the behavior can be correlated with data or alerts from the devices that monitor and log activity on devices and on your agency’s network.
The good news is that even though you might be feeling uneasy after reading this so far, you and your agency aren’t powerless against insider threats. In fact, it’s quite likely that your agency already has many of the tools you need at your disposal. But now you should create or enhance your agency’s cyber action plans to better prepare for insider threats.
If you’re ready to get started on the plan and build your countermeasures, click on the button below. When you do, you’ll be guided through the most up-to-date frameworks, best practices, and strategies to counter each insider who, intentionally or accidentally, will put vital citizen data and mission-critical information at risk.